Im going to go out on a limb here and predict Googles Android mobile phone platform is going to prove itself to be more secure than Apples iPhone in the long run. Lets take a closer look.

But first, I have to explain the basis for this preliminary comparisonAndroid handsets, after all, are not yet shipping, while we all know the iPhone is readily available in several parts of the world. Comparing them now really is a case of comparing apples and oranges, no pun intended. So that really just leaves me with having to compare them via their design features and user reports.

Further, Androids design is open to scrutiny, while iPhones inner workings are closed and proprietary. That said, much has been written about both, and Im going to base my comparison on what Ive been able to find publicly documented, except where otherwise noted.

So, with that pretty significant set of caveats out of the way, lets dive in.

 Application security architecture. This is a biggie for both systems. The iPhone applications appear to all run with root (administrative) privileges on a single UNIX kernel. That means that if one application fails, the entire system can trivially be compromised. On the other hand, Apple has thus far kept the system locked from the standpoint of adding new software. (Ill address their newly announced SDK below.) On the other other hand, each release of the iPhone firmware to date has had at least one defect in it enabling the underground community to add their own software to the device, pretty much with impunity. Not exactly a stellar track record, particularly for a device thats just a few months old.

Now, looking at the security of Androids application platform, its obvious theyve thought long and hard about how to do this. Their architectural documents clearly say, Each Android package (.apk) file installed on the device is given its own unique Linux user ID, creating a sandbox for it and preventing it from touching other applications (or other applications from touching it). This user ID is assigned to it when the application is installed on the device, and generally remains constant for the duration of its life on that device. Further, each package includes an XML configuration document (AndroidManifest.xml) that pre-defines the permissions and authorizations for each package. This provides a policy jail that each application runs inside. Thats a pretty powerful model.

On the other hand, defining the permissions in an applications AndroidManifest.xm file is discretionary, and a user could no doubt be duped into giving a malicious application a dangerous set of privileges. Weve seen how discretionary controls like this can fail in spectacular ways when left to the decision of the end user. Furthermore, these security features are really there to benefit those who play by the rules, and we know by now thats not how the Bad Guys play. Still, it does provide a level of control and, more importantly, separation between all the applications on the device that the iPhone doesnt even begin to address.

 Openness. Weve heard claims for many years that open source software is more/less secure than its closed counterparts. Whats more, weve seen those claims pretty thoroughly debunked in various studies comparing the two worlds. But this is different. In Googles Open Handset Alliance, we see numerous big commercial entities participating, and they have significant commercial interests in ensuring the security of the end products they ship.

Id venture to bet Androids design and source code will receive more security scrutiny than most (all?) other open source projects. By comparison, only Apples Darwin kernel is available for public scrutiny, and there really isnt much of an external community with massive commercial interests in reviewing its security.

And theres more to openness than just accessibility of a products source code. The Android team has clearly documented the process for developing and installing applications for Android, including how to interface with the underlying security framework. That openness has already resulted in at least one product vendor announcing it will be developing security applicationsfirewall, anti-spam, anti-malware, etcfor the platform.

Maybe Im totally off base here, but I think this is a pretty significant advantage in Androids long-term favor.